Linux Distros Unpatched Vulnerability : CVE-2017-12855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen maintains the GTFread,writing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it ...

CVE-2024-1289

CVE-2024-1289 affects LearnPress – WordPress LMS Plugin. All versions up to 4.2.6.3 are vulnerable to Insecure Direct Object Reference (IDOR) due to missing validation on a user-controlled key when retrieving order data. Authenticated attackers can view orders placed by other users and guests, en...

SUSE CVE-2012-5512

Array index error in the HVMOPsetmemaccess handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service crash or obtain sensitive information via unspecified vectors...

UBUNTU-CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...

Kernel: KVM: leak of uninitialized stack contents to guest

An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object hold...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : QEMU update (USN-3679-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3679-1 advisory. Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow...

USN-3679-1: QEMU update

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update...

Ubuntu: Security Advisory (USN-3560-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3561-1: libvirt update

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...

vdsm: unfiltered guestInfo dictionary DoS

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."...

vdsm: unfiltered guestInfo dictionary DoS

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."...

Debian Security Advisory DSA 2542-1 (qemu-kvm)

The remote host is missing an update to qemu-kvm announced via advisory DSA 2542-1. OpenVAS Vulnerability Test $Id: deb25421.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2542-1 qemu-kvm Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

DSA-2542-1 qemu-kvm - multiple

Bulletin has no description...